ppp.8 (87f6044a4bdee875efc62129fe36d2791f72a045) | ppp.8 (05dbe14bd394a8a0eaf3b30c07393dfca771aea7) |
---|---|
1.\" $Id: ppp.8,v 1.100 1998/05/21 21:47:48 brian Exp $ | 1.\" $Id: ppp.8,v 1.101 1998/05/21 23:45:10 brian Exp $ |
2.Dd 20 September 1995 3.Os FreeBSD 4.Dt PPP 8 5.Sh NAME 6.Nm ppp 7.Nd Point to Point Protocol (a.k.a. user-ppp) 8.Sh SYNOPSIS 9.Nm --- 82 unchanged lines hidden (view full) --- 92In direct mode, 93.nm 94acts as server which accepts incoming 95.Em PPP 96connections on stdin/stdout. 97.It Supports PAP and CHAP authentication. 98With PAP or CHAP, it is possible to skip the Unix style 99.Xr login 1 | 2.Dd 20 September 1995 3.Os FreeBSD 4.Dt PPP 8 5.Sh NAME 6.Nm ppp 7.Nd Point to Point Protocol (a.k.a. user-ppp) 8.Sh SYNOPSIS 9.Nm --- 82 unchanged lines hidden (view full) --- 92In direct mode, 93.nm 94acts as server which accepts incoming 95.Em PPP 96connections on stdin/stdout. 97.It Supports PAP and CHAP authentication. 98With PAP or CHAP, it is possible to skip the Unix style 99.Xr login 1 |
100proceedure, and use the | 100procedure, and use the |
101.Em PPP 102protocol for authentication instead. If the peer requests Microsoft 103CHAP authentication and 104.Nm 105is compiled with DES support, an appropriate MD4/DES response will be 106made. 107.It Supports Proxy Arp. 108When --- 35 unchanged lines hidden (view full) --- 144.Em all 145network traffic flowing through the link, thus reducing overheads to a 146minimum. 147.It Supports Microsoft's IPCP extensions. 148Name Server Addresses and NetBIOS Name Server Addresses can be negotiated 149with clients using the Microsoft 150.Em PPP 151stack (ie. Win95, WinNT) | 101.Em PPP 102protocol for authentication instead. If the peer requests Microsoft 103CHAP authentication and 104.Nm 105is compiled with DES support, an appropriate MD4/DES response will be 106made. 107.It Supports Proxy Arp. 108When --- 35 unchanged lines hidden (view full) --- 144.Em all 145network traffic flowing through the link, thus reducing overheads to a 146minimum. 147.It Supports Microsoft's IPCP extensions. 148Name Server Addresses and NetBIOS Name Server Addresses can be negotiated 149with clients using the Microsoft 150.Em PPP 151stack (ie. Win95, WinNT) |
152.It Supports Multilink PPP | 152.It Supports Multi-link PPP |
153It is possible to configure 154.Nm 155to open more than one physical connection to the peer, combining the 156bandwidth of all links for better throughput. 157.Sh PERMISSIONS 158.Nm Ppp 159is installed as user 160.Dv root --- 100 unchanged lines hidden (view full) --- 261.Pa /etc/syslog.conf . 262Don't forget to send a 263.Dv HUP 264signal to 265.Xr syslogd 8 266after altering 267.Pa /etc/syslog.conf . 268.It | 153It is possible to configure 154.Nm 155to open more than one physical connection to the peer, combining the 156bandwidth of all links for better throughput. 157.Sh PERMISSIONS 158.Nm Ppp 159is installed as user 160.Dv root --- 100 unchanged lines hidden (view full) --- 261.Pa /etc/syslog.conf . 262Don't forget to send a 263.Dv HUP 264signal to 265.Xr syslogd 8 266after altering 267.Pa /etc/syslog.conf . 268.It |
269Although not strictly relevent to | 269Although not strictly relevant to |
270.Nm ppp Ns No s 271operation, you should configure your resolver so that it works correctly. 272This can be done by configuring a local DNS 273.Pq using Xr named 8 274or by adding the correct | 270.Nm ppp Ns No s 271operation, you should configure your resolver so that it works correctly. 272This can be done by configuring a local DNS 273.Pq using Xr named 8 274or by adding the correct |
275.Sq nameserver | 275.Sq name-server |
276lines to the file 277.Pa /etc/resolv.conf . 278Refer to the 279.Xr resolv.conf 5 280manual page for details. 281.El 282.Sh MANUAL DIALING 283In the following examples, we assume that your machine name is --- 208 unchanged lines hidden (view full) --- 492example in 493.Pa /etc/ppp/ppp.conf.sample 494which runs a script in the background after the connection is established. 495The literal strings 496.Dv HISADDR , 497.Dv MYADDR 498and 499.Dv INTERFACE | 276lines to the file 277.Pa /etc/resolv.conf . 278Refer to the 279.Xr resolv.conf 5 280manual page for details. 281.El 282.Sh MANUAL DIALING 283In the following examples, we assume that your machine name is --- 208 unchanged lines hidden (view full) --- 492example in 493.Pa /etc/ppp/ppp.conf.sample 494which runs a script in the background after the connection is established. 495The literal strings 496.Dv HISADDR , 497.Dv MYADDR 498and 499.Dv INTERFACE |
500may be used, and will be replaced with the relevent IP addresses and interface | 500may be used, and will be replaced with the relevant IP addresses and interface |
501name. Similarly, when a connection is closed, the 502contents of the 503.Pa /etc/ppp/ppp.linkdown 504file are executed. 505Both of these files have the same format as 506.Pa /etc/ppp/ppp.conf . 507.Pp 508In previous versions of --- 324 unchanged lines hidden (view full) --- 833It is 834.Em VITAL 835that either PAP or CHAP are enabled as above. If they are not, you are 836allowing anybody to establish ppp session with your machine 837.Em without 838a password, opening yourself up to all sorts of potential attacks. 839.Sh AUTHENTICATING INCOMING CONNECTIONS 840Normally, the receiver of a connection requires that the peer | 501name. Similarly, when a connection is closed, the 502contents of the 503.Pa /etc/ppp/ppp.linkdown 504file are executed. 505Both of these files have the same format as 506.Pa /etc/ppp/ppp.conf . 507.Pp 508In previous versions of --- 324 unchanged lines hidden (view full) --- 833It is 834.Em VITAL 835that either PAP or CHAP are enabled as above. If they are not, you are 836allowing anybody to establish ppp session with your machine 837.Em without 838a password, opening yourself up to all sorts of potential attacks. 839.Sh AUTHENTICATING INCOMING CONNECTIONS 840Normally, the receiver of a connection requires that the peer |
841authenticates themself. This may be done using | 841authenticates itself. This may be done using |
842.Xr login 1 , 843but alternatively, you can use PAP or CHAP. CHAP is the more secure 844of the two, but some clients may not support it. Once you decide which 845you wish to use, add the command 846.Sq enable chap 847or 848.Sq enable pap | 842.Xr login 1 , 843but alternatively, you can use PAP or CHAP. CHAP is the more secure 844of the two, but some clients may not support it. Once you decide which 845you wish to use, add the command 846.Sq enable chap 847or 848.Sq enable pap |
849to the relevent section of | 849to the relevant section of |
850.Pa ppp.conf . 851.Pp 852You must then configure the 853.Pa /etc/ppp/ppp.secret 854file. This file contains one line per possible client, each line 855containing up to four fields: 856.Bd -literal -offset indent 857name key [hisaddr [label]] 858.Ed 859.Pp 860The 861.Ar name 862and 863.Ar key | 850.Pa ppp.conf . 851.Pp 852You must then configure the 853.Pa /etc/ppp/ppp.secret 854file. This file contains one line per possible client, each line 855containing up to four fields: 856.Bd -literal -offset indent 857name key [hisaddr [label]] 858.Ed 859.Pp 860The 861.Ar name 862and 863.Ar key |
864specify the client as expected. If the client does not offer a suitable | 864specify the client as expected. If 865.Ar key 866is 867.Dq \&* 868and PAP is being used, 869.Nm 870will look up the password database 871.Pq Xr passwd 5 872when authenticating. If the client does not offer a suitable |
865response based on any 866.Ar name No / Ar key 867combination in 868.Pa ppp.secret , 869authentication fails. 870.Pp 871If authentication is successful, 872.Ar hisaddr --- 6 unchanged lines hidden (view full) --- 879.Ar label 880is specified, the current system label is changed to match the given 881.Ar label . 882This will change the subsequent parsing of the 883.Pa ppp.linkup 884and 885.Pa ppp.linkdown 886files. | 873response based on any 874.Ar name No / Ar key 875combination in 876.Pa ppp.secret , 877authentication fails. 878.Pp 879If authentication is successful, 880.Ar hisaddr --- 6 unchanged lines hidden (view full) --- 887.Ar label 888is specified, the current system label is changed to match the given 889.Ar label . 890This will change the subsequent parsing of the 891.Pa ppp.linkup 892and 893.Pa ppp.linkdown 894files. |
887.Sh PPP OVER TCP (a.k.a Tunneling) | 895.Sh PPP OVER TCP (a.k.a Tunnelling) |
888Instead of running 889.Nm 890over a serial link, it is possible to 891use a TCP connection instead by specifying a host and port as the 892device: 893.Dl set device ui-gate:6669 894Instead of opening a serial device, 895.Nm --- 188 unchanged lines hidden (view full) --- 1084If a given packet 1085matches the rule, the associated action is taken immediately. 1086.It 1087.Op Ar src_addr Ns Op / Ns Ar width 1088and 1089.Op Ar dst_addr Ns Op / Ns Ar width 1090are the source and destination IP number specifications. If 1091.Op / Ns Ar width | 896Instead of running 897.Nm 898over a serial link, it is possible to 899use a TCP connection instead by specifying a host and port as the 900device: 901.Dl set device ui-gate:6669 902Instead of opening a serial device, 903.Nm --- 188 unchanged lines hidden (view full) --- 1092If a given packet 1093matches the rule, the associated action is taken immediately. 1094.It 1095.Op Ar src_addr Ns Op / Ns Ar width 1096and 1097.Op Ar dst_addr Ns Op / Ns Ar width 1098are the source and destination IP number specifications. If 1099.Op / Ns Ar width |
1092is specified, it gives the number of relevent netmask bits, | 1100is specified, it gives the number of relevant netmask bits, |
1093allowing the specification of an address range. 1094.It 1095.Ar Proto 1096must be one of 1097.Sq icmp , 1098.Sq udp 1099or 1100.Sq tcp . --- 509 unchanged lines hidden (view full) --- 1610to exit. 1611.It USR2 1612This signal, tells 1613.Nm 1614to close any existing server socket, dropping all existing diagnostic 1615connections. 1616.El 1617.Pp | 1101allowing the specification of an address range. 1102.It 1103.Ar Proto 1104must be one of 1105.Sq icmp , 1106.Sq udp 1107or 1108.Sq tcp . --- 509 unchanged lines hidden (view full) --- 1618to exit. 1619.It USR2 1620This signal, tells 1621.Nm 1622to close any existing server socket, dropping all existing diagnostic 1623connections. 1624.El 1625.Pp |
1618.Sh MULTILINK PPP | 1626.Sh MULTI-LINK PPP |
1619If you wish to use more than one physical link to connect to a 1620.Em PPP 1621peer, that peer must also understand the | 1627If you wish to use more than one physical link to connect to a 1628.Em PPP 1629peer, that peer must also understand the |
1622.Em MULTILINK PPP | 1630.Em MULTI-LINK PPP |
1623protocol. Refer to RFC 1990 for specification details. 1624.Pp 1625The peer is identified using a combination of his 1626.Dq endpoint discriminator 1627and his 1628.Dq authentication id . 1629Either or both of these may be specified. It is recommended that 1630at least one is specified, otherwise there is no way of ensuring that 1631all links are actually connected to the same peer program, and some 1632confusing lock-ups may result. Locally, these identification variables 1633are specified using the 1634.Dq set enddisc 1635and 1636.Dq set authname 1637commands. The 1638.Sq authname 1639.Pq and Sq authkey 1640must be agreed in advance with the peer. 1641.Pp | 1631protocol. Refer to RFC 1990 for specification details. 1632.Pp 1633The peer is identified using a combination of his 1634.Dq endpoint discriminator 1635and his 1636.Dq authentication id . 1637Either or both of these may be specified. It is recommended that 1638at least one is specified, otherwise there is no way of ensuring that 1639all links are actually connected to the same peer program, and some 1640confusing lock-ups may result. Locally, these identification variables 1641are specified using the 1642.Dq set enddisc 1643and 1644.Dq set authname 1645commands. The 1646.Sq authname 1647.Pq and Sq authkey 1648must be agreed in advance with the peer. 1649.Pp |
1642Multilink capabilities are enabled using the | 1650Multi-link capabilities are enabled using the |
1643.Dq set mrru | 1651.Dq set mrru |
1644command (set maximum reconstructed receive unit). Once multilink | 1652command (set maximum reconstructed receive unit). Once multi-link |
1645is enabled, 1646.Nm | 1653is enabled, 1654.Nm |
1647will attempt to negotiate a multilink connection with the peer. | 1655will attempt to negotiate a multi-link connection with the peer. |
1648.Pp 1649By default, only one 1650.Sq link 1651is available 1652.Pq called Sq deflink . 1653To create more links, the 1654.Dq clone 1655command is used. This command will clone existing links, where all --- 29 unchanged lines hidden (view full) --- 1685.Dq link Ar name 1686prefix. 1687.Pp 1688Some commands can still be used without specifying a link - resulting 1689in an operation at the 1690.Sq bundle 1691level. For example, once two or more links are available, the command 1692.Dq show ccp | 1656.Pp 1657By default, only one 1658.Sq link 1659is available 1660.Pq called Sq deflink . 1661To create more links, the 1662.Dq clone 1663command is used. This command will clone existing links, where all --- 29 unchanged lines hidden (view full) --- 1693.Dq link Ar name 1694prefix. 1695.Pp 1696Some commands can still be used without specifying a link - resulting 1697in an operation at the 1698.Sq bundle 1699level. For example, once two or more links are available, the command 1700.Dq show ccp |
1693will show CCP configuration and statistics at the multilink level, and | 1701will show CCP configuration and statistics at the multi-link level, and |
1694.Dq link deflink show ccp 1695will show the same information at the 1696.Dq deflink 1697link level. 1698.Pp 1699Armed with this information, the following configuration might be used: 1700.Pp 1701.Bd -literal -offset indent --- 46 unchanged lines hidden (view full) --- 1748command to see which commands require context (using the 1749.Dq link 1750command), which have optional 1751context and which should not have any context. 1752.Pp 1753When 1754.Nm 1755has negotiated | 1702.Dq link deflink show ccp 1703will show the same information at the 1704.Dq deflink 1705link level. 1706.Pp 1707Armed with this information, the following configuration might be used: 1708.Pp 1709.Bd -literal -offset indent --- 46 unchanged lines hidden (view full) --- 1756command to see which commands require context (using the 1757.Dq link 1758command), which have optional 1759context and which should not have any context. 1760.Pp 1761When 1762.Nm 1763has negotiated |
1756.Em MULTILINK 1757mode with the peer, it creates a unix domain socket in the | 1764.Em MULTI-LINK 1765mode with the peer, it creates a local domain socket in the |
1758.Pa /var/run 1759directory. This socket is used to pass link information (including 1760the actual link file descriptor) between different 1761.Nm 1762invocations. This facilitates 1763.Nm ppp Ns No s 1764ability to be run from a 1765.Xr getty 8 1766or directly from 1767.Pa /etc/gettydefs 1768(using the 1769.Sq pp= 1770capability), without needing to have initial control of the serial 1771line. Once 1772.Nm | 1766.Pa /var/run 1767directory. This socket is used to pass link information (including 1768the actual link file descriptor) between different 1769.Nm 1770invocations. This facilitates 1771.Nm ppp Ns No s 1772ability to be run from a 1773.Xr getty 8 1774or directly from 1775.Pa /etc/gettydefs 1776(using the 1777.Sq pp= 1778capability), without needing to have initial control of the serial 1779line. Once 1780.Nm |
1773negotiates multilink mode, it will pass its open link to any | 1781negotiates multi-link mode, it will pass its open link to any |
1774already running process. If there is no already running process, 1775.Nm 1776will act as the master, creating the socket and listening for new 1777connections. 1778.Sh PPP COMMAND LIST 1779This section lists the available commands and their effect. They are 1780usable either from an interactive 1781.Nm --- 49 unchanged lines hidden (view full) --- 1831.Dq AuthKey 1832in 1833.Pa /etc/ppp/ppp.conf . 1834CHAP is accepted by default. 1835Some 1836.Em PPP 1837implementations use "MS-CHAP" rather than MD5 when encrypting the 1838challenge. MS-CHAP is a combination of MD4 and DES. If | 1782already running process. If there is no already running process, 1783.Nm 1784will act as the master, creating the socket and listening for new 1785connections. 1786.Sh PPP COMMAND LIST 1787This section lists the available commands and their effect. They are 1788usable either from an interactive 1789.Nm --- 49 unchanged lines hidden (view full) --- 1839.Dq AuthKey 1840in 1841.Pa /etc/ppp/ppp.conf . 1842CHAP is accepted by default. 1843Some 1844.Em PPP 1845implementations use "MS-CHAP" rather than MD5 when encrypting the 1846challenge. MS-CHAP is a combination of MD4 and DES. If |
1839.Nm was build 1840on a machine with DES libraries available, it will respond to MS-CHAP 1841authentication requests, but will never request them. | 1847.Nm 1848was built on a machine with DES libraries available, it will respond 1849to MS-CHAP authentication requests, but will never request them. |
1842.It deflate 1843Default: Enabled and Accepted. This option decides if deflate 1844compression will be used by the Compression Control Protocol (CCP). 1845This is the same algorithm as used by the 1846.Xr gzip 1 1847program. 1848Note: There is a problem negotiating 1849.Ar deflate --- 9 unchanged lines hidden (view full) --- 1859.Em 24 1860as the CCP configuration type rather than type 1861.Em 26 1862as specified in 1863.Pa rfc1979 . 1864Type 1865.Ar 24 1866is actually specified as | 1850.It deflate 1851Default: Enabled and Accepted. This option decides if deflate 1852compression will be used by the Compression Control Protocol (CCP). 1853This is the same algorithm as used by the 1854.Xr gzip 1 1855program. 1856Note: There is a problem negotiating 1857.Ar deflate --- 9 unchanged lines hidden (view full) --- 1867.Em 24 1868as the CCP configuration type rather than type 1869.Em 26 1870as specified in 1871.Pa rfc1979 . 1872Type 1873.Ar 24 1874is actually specified as |
1867.Dq PPP Magnalink Variable Resource Compression | 1875.Dq PPP Magna-link Variable Resource Compression |
1868in 1869.Pa rfc1975 Ns No ! 1870.Nm Ppp 1871is capable of negotiating with 1872.Nm pppd , 1873but only if 1874.Dq deflate24 1875is --- 89 unchanged lines hidden (view full) --- 1965Default: Enabled and Accepted. This option is used to negotiate 1966PFC (Protocol Field Compression), a mechanism where the protocol 1967field number is reduced to one octet rather than two. 1968.It shortseq 1969Default: Enabled and Accepted. This option determines if 1970.Nm 1971will request and accept requests for short 1972.Pq 12 bit | 1876in 1877.Pa rfc1975 Ns No ! 1878.Nm Ppp 1879is capable of negotiating with 1880.Nm pppd , 1881but only if 1882.Dq deflate24 1883is --- 89 unchanged lines hidden (view full) --- 1973Default: Enabled and Accepted. This option is used to negotiate 1974PFC (Protocol Field Compression), a mechanism where the protocol 1975field number is reduced to one octet rather than two. 1976.It shortseq 1977Default: Enabled and Accepted. This option determines if 1978.Nm 1979will request and accept requests for short 1980.Pq 12 bit |
1973sequence numbers when negotiating multilink mode. This is only 1974applicable if our MRRU is set (thus enabling multilink). | 1981sequence numbers when negotiating multi-link mode. This is only 1982applicable if our MRRU is set (thus enabling multi-link). |
1975.It vjcomp 1976Default: Enabled and Accepted. This option determines if Van Jacobson 1977header compression will be used. 1978.El 1979.Pp 1980The following options are not actually negotiated with the peer. 1981Therefore, accepting or denying them makes no sense. 1982.Bl -tag -width 20 --- 22 unchanged lines hidden (view full) --- 2005interface. If disabled, 2006.Nm 2007will send the packet, probably resulting in an ICMP redirect from 2008the other end. It is convenient to have this option enabled when 2009the interface is also the default route as it avoids the necessity 2010of a loopback route. 2011.It passwdauth 2012Default: Disabled. Enabling this option will tell the PAP authentication | 1983.It vjcomp 1984Default: Enabled and Accepted. This option determines if Van Jacobson 1985header compression will be used. 1986.El 1987.Pp 1988The following options are not actually negotiated with the peer. 1989Therefore, accepting or denying them makes no sense. 1990.Bl -tag -width 20 --- 22 unchanged lines hidden (view full) --- 2013interface. If disabled, 2014.Nm 2015will send the packet, probably resulting in an ICMP redirect from 2016the other end. It is convenient to have this option enabled when 2017the interface is also the default route as it avoids the necessity 2018of a loopback route. 2019.It passwdauth 2020Default: Disabled. Enabling this option will tell the PAP authentication |
2013code to use the password file (see | 2021code to use the password database (see |
2014.Xr passwd 5 ) | 2022.Xr passwd 5 ) |
2015to authenticate the caller rather than the | 2023to authenticate the caller if they cannot be found in the |
2016.Pa /etc/ppp/ppp.secret 2017file. 2018.Pa /etc/ppp/ppp.secret | 2024.Pa /etc/ppp/ppp.secret 2025file. 2026.Pa /etc/ppp/ppp.secret |
2019is checked before 2020.Xr passwd 5 . | 2027is always checked first. If you wish to use passwords from 2028.Xr passwd 5 , 2029but also to specify an IP number or label for a given client, use 2030.Dq \&* 2031as the client password in 2032.Pa /etc/ppp/ppp.secret . |
2021.It proxy 2022Default: Disabled. Enabling this option will tell 2023.Nm 2024to proxy ARP for the peer. 2025.It sroutes 2026Default: Enabled. When the 2027.Dq add 2028command is used with the --- 4 unchanged lines hidden (view full) --- 2033.Sq stick route 2034list. Each time 2035.Dv HISADDR 2036or 2037.Dv MYADDR 2038change, this list is re-applied to the routing table. 2039.Pp 2040Disabling this option will prevent the re-application of sticky routes, | 2033.It proxy 2034Default: Disabled. Enabling this option will tell 2035.Nm 2036to proxy ARP for the peer. 2037.It sroutes 2038Default: Enabled. When the 2039.Dq add 2040command is used with the --- 4 unchanged lines hidden (view full) --- 2045.Sq stick route 2046list. Each time 2047.Dv HISADDR 2048or 2049.Dv MYADDR 2050change, this list is re-applied to the routing table. 2051.Pp 2052Disabling this option will prevent the re-application of sticky routes, |
2041altough the | 2053although the |
2042.Sq stick route 2043list will still be maintained. 2044.It throughput 2045Default: Enabled. This option tells 2046.Nm | 2054.Sq stick route 2055list will still be maintained. 2056.It throughput 2057Default: Enabled. This option tells 2058.Nm |
2047to gather thoroughput statistics. Input and output is sampled over | 2059to gather throughput statistics. Input and output is sampled over |
2048a rolling 5 second window, and current, best and total figures are | 2060a rolling 5 second window, and current, best and total figures are |
2049retained. This data is output when the relevent | 2061retained. This data is output when the relevant |
2050.Em PPP 2051layer shuts down, and is also available using the 2052.Dq show 2053command. Throughput statistics are available at the 2054.Dq IPCP 2055and 2056.Dq modem 2057levels. --- 135 unchanged lines hidden (view full) --- 2193.Sq auto , 2194.Sq direct , 2195.Sq dedicated , 2196.Sq ddial , 2197.Sq background 2198and 2199.Sq * . 2200.Pp | 2062.Em PPP 2063layer shuts down, and is also available using the 2064.Dq show 2065command. Throughput statistics are available at the 2066.Dq IPCP 2067and 2068.Dq modem 2069levels. --- 135 unchanged lines hidden (view full) --- 2205.Sq auto , 2206.Sq direct , 2207.Sq dedicated , 2208.Sq ddial , 2209.Sq background 2210and 2211.Sq * . 2212.Pp |
2201When running in multilink mode, a section can be loaded if it allows | 2213When running in multi-link mode, a section can be loaded if it allows |
2202.Em any 2203of the currently existing line modes. 2204.El 2205.Pp 2206.It alias Ar command Op Ar args 2207This command allows the control of the aliasing (or masquerading) 2208facilities that are built into 2209.Nm ppp . --- 53 unchanged lines hidden (view full) --- 2263socket so that it can guarantee a correct incoming ftp data or 2264IRC connection. 2265.It alias unregistered_only [yes|no] 2266Only alter outgoing packets with an unregistered source ad- 2267dress. According to RFC 1918, unregistered source addresses 2268are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. 2269.El 2270.Pp | 2214.Em any 2215of the currently existing line modes. 2216.El 2217.Pp 2218.It alias Ar command Op Ar args 2219This command allows the control of the aliasing (or masquerading) 2220facilities that are built into 2221.Nm ppp . --- 53 unchanged lines hidden (view full) --- 2275socket so that it can guarantee a correct incoming ftp data or 2276IRC connection. 2277.It alias unregistered_only [yes|no] 2278Only alter outgoing packets with an unregistered source ad- 2279dress. According to RFC 1918, unregistered source addresses 2280are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. 2281.El 2282.Pp |
2283These commands are also discussed in the file 2284.Pa README.alias 2285which comes with the source distribution. 2286.Pp |
|
2271.It [!]bg Ar command 2272The given 2273.Ar command 2274is executed in the background. Any of the pseudo arguments 2275.Dv HISADDR , 2276.Dv INTERFACE 2277and 2278.Dv MYADDR --- 14 unchanged lines hidden (view full) --- 2293.Pp 2294The default link name is 2295.Dq deflink . 2296.It close Op lcp|ccp[!] 2297If no arguments are given, or if 2298.Dq lcp 2299is specified, the link will be closed. If 2300.Dq ccp | 2287.It [!]bg Ar command 2288The given 2289.Ar command 2290is executed in the background. Any of the pseudo arguments 2291.Dv HISADDR , 2292.Dv INTERFACE 2293and 2294.Dv MYADDR --- 14 unchanged lines hidden (view full) --- 2309.Pp 2310The default link name is 2311.Dq deflink . 2312.It close Op lcp|ccp[!] 2313If no arguments are given, or if 2314.Dq lcp 2315is specified, the link will be closed. If 2316.Dq ccp |
2301is specified, only the relevent compression layer is closed. If the | 2317is specified, only the relevant compression layer is closed. If the |
2302.Dq \&! 2303is used, the compression layer will remain in the closed state, otherwise 2304it will re-enter the STOPPED state, waiting for the peer to initiate 2305further CCP negotiation. In any event, this command does not disconnect 2306the user from 2307.Nm 2308or exit 2309.Nm ppp . --- 29 unchanged lines hidden (view full) --- 2339.Dq dial 2340and 2341.Dq login 2342scripts for the given 2343.Ar label . 2344Otherwise, the current settings are used to establish 2345the connection, and all closed links are brought up. 2346.It down Op Ar lcp|ccp | 2318.Dq \&! 2319is used, the compression layer will remain in the closed state, otherwise 2320it will re-enter the STOPPED state, waiting for the peer to initiate 2321further CCP negotiation. In any event, this command does not disconnect 2322the user from 2323.Nm 2324or exit 2325.Nm ppp . --- 29 unchanged lines hidden (view full) --- 2355.Dq dial 2356and 2357.Dq login 2358scripts for the given 2359.Ar label . 2360Otherwise, the current settings are used to establish 2361the connection, and all closed links are brought up. 2362.It down Op Ar lcp|ccp |
2347Bring the relevent layer down ungracefully, as if the underlying layer | 2363Bring the relevant layer down ungracefully, as if the underlying layer |
2348had become unavailable. It's not considered polite to use this command on 2349a Finite State Machine that's in the OPEN state. If no arguments are 2350supplied, 2351.Sq lcp 2352is assumed. 2353.It help|? Op Ar command 2354Show a list of available commands. If 2355.Ar command 2356is specified, show the usage string for that command. 2357.It [data]link Ar name[,name...] command Op Ar args 2358This command may prefix any other command if the user wishes to 2359specify which link the command should affect. This is only | 2364had become unavailable. It's not considered polite to use this command on 2365a Finite State Machine that's in the OPEN state. If no arguments are 2366supplied, 2367.Sq lcp 2368is assumed. 2369.It help|? Op Ar command 2370Show a list of available commands. If 2371.Ar command 2372is specified, show the usage string for that command. 2373.It [data]link Ar name[,name...] command Op Ar args 2374This command may prefix any other command if the user wishes to 2375specify which link the command should affect. This is only |
2360applicable after multiple links have been created in Multilink | 2376applicable after multiple links have been created in Multi-link |
2361mode using the 2362.Dq clone 2363command. 2364.Pp 2365.Ar Name 2366specifies the name of an existing link. If 2367.Ar name 2368is a comma separated list, --- 20 unchanged lines hidden (view full) --- 2389command. Using 2390.Dq open 2391with no arguments or with the 2392.Dq lcp 2393argument is the same as using 2394.Dq dial 2395in that all closed links are brought up. If the 2396.Dq ccp | 2377mode using the 2378.Dq clone 2379command. 2380.Pp 2381.Ar Name 2382specifies the name of an existing link. If 2383.Ar name 2384is a comma separated list, --- 20 unchanged lines hidden (view full) --- 2405command. Using 2406.Dq open 2407with no arguments or with the 2408.Dq lcp 2409argument is the same as using 2410.Dq dial 2411in that all closed links are brought up. If the 2412.Dq ccp |
2397argument is used, the relevent compression layer is opened. | 2413argument is used, the relevant compression layer is opened. |
2398.It passwd Ar pass 2399Specify the password required for access to the full 2400.Nm 2401command set. This password is required when connecting to the diagnostic 2402port (see the 2403.Dq set server 2404command). 2405.Ar Pass --- 16 unchanged lines hidden (view full) --- 2422If the 2423.Ar 2424all argument is given, 2425.Nm 2426will exit despite the source of the command after closing all existing 2427connections. 2428.It remove|rm 2429This command removes the given link. It is only really useful in | 2414.It passwd Ar pass 2415Specify the password required for access to the full 2416.Nm 2417command set. This password is required when connecting to the diagnostic 2418port (see the 2419.Dq set server 2420command). 2421.Ar Pass --- 16 unchanged lines hidden (view full) --- 2438If the 2439.Ar 2440all argument is given, 2441.Nm 2442will exit despite the source of the command after closing all existing 2443connections. 2444.It remove|rm 2445This command removes the given link. It is only really useful in |
2430multilink mode. A link must be | 2446multi-link mode. A link must be |
2431in the 2432.Dv CLOSED 2433state before it is removed. 2434.It rename|mv Ar name 2435This command renames the given link to 2436.Ar name . 2437It will fail if 2438.Ar name --- 8 unchanged lines hidden (view full) --- 2447.Sq USR 2448may make the log file more readable. 2449.It save 2450This option is not (yet) implemented. 2451.It set[up] Ar var value 2452This option allows the setting of any of the following variables: 2453.Bl -tag -width 20 2454.It set accmap Ar hex-value | 2447in the 2448.Dv CLOSED 2449state before it is removed. 2450.It rename|mv Ar name 2451This command renames the given link to 2452.Ar name . 2453It will fail if 2454.Ar name --- 8 unchanged lines hidden (view full) --- 2463.Sq USR 2464may make the log file more readable. 2465.It save 2466This option is not (yet) implemented. 2467.It set[up] Ar var value 2468This option allows the setting of any of the following variables: 2469.Bl -tag -width 20 2470.It set accmap Ar hex-value |
2455ACCMap stands for Asyncronous Control Character Map. This is always | 2471ACCMap stands for Asynchronous Control Character Map. This is always |
2456negotiated with the peer, and defaults to a value of 00000000 in hex. 2457This protocol is required to defeat hardware that depends on passing 2458certain characters from end to end (such as XON/XOFF etc). 2459.Pp 2460For the XON/XOFF scenario, use 2461.Dq set accmap 000a0000 . 2462.It set authkey|key Ar value 2463This sets the authentication key (or password) used in client mode 2464PAP or CHAP negotiation to the given value. It can also be used to 2465specify the password to be used in the dial or login scripts in place 2466of the '\\P' sequence, preventing the actual password from being logged. If 2467.Ar command 2468logging is in effect, 2469.Ar value 2470is logged as 2471.Sq ******** 2472for security reasons. 2473.It set authname Ar id 2474This sets the authentication id used in client mode PAP or CHAP negotiation. | 2472negotiated with the peer, and defaults to a value of 00000000 in hex. 2473This protocol is required to defeat hardware that depends on passing 2474certain characters from end to end (such as XON/XOFF etc). 2475.Pp 2476For the XON/XOFF scenario, use 2477.Dq set accmap 000a0000 . 2478.It set authkey|key Ar value 2479This sets the authentication key (or password) used in client mode 2480PAP or CHAP negotiation to the given value. It can also be used to 2481specify the password to be used in the dial or login scripts in place 2482of the '\\P' sequence, preventing the actual password from being logged. If 2483.Ar command 2484logging is in effect, 2485.Ar value 2486is logged as 2487.Sq ******** 2488for security reasons. 2489.It set authname Ar id 2490This sets the authentication id used in client mode PAP or CHAP negotiation. |
2475.It set autoload Ar maxduration maxload [minduration minload] 2476These settings apply only in multilink mode and all default to zero. | 2491.It set autoload Ar max-duration max-load [min-duration min-load] 2492These settings apply only in multi-link mode and all default to zero. |
2477When more than one 2478.Ar demand-dial 2479.Pq also known as Fl auto 2480mode link is available, only the first link is made active when 2481.Nm 2482first reads data from the tun device. The next 2483.Ar demand-dial 2484link will be opened only when at least | 2493When more than one 2494.Ar demand-dial 2495.Pq also known as Fl auto 2496mode link is available, only the first link is made active when 2497.Nm 2498first reads data from the tun device. The next 2499.Ar demand-dial 2500link will be opened only when at least |
2485.Ar maxload | 2501.Ar max-load |
2486packets have been in the send queue for | 2502packets have been in the send queue for |
2487.Ar maxduration | 2503.Ar max-duration |
2488seconds. Because both values default to zero, 2489.Ar demand-dial 2490links will simply come up one at a time by default. 2491.Pp 2492If two or more links are open, at least one of which is a 2493.Ar demand-dial 2494link, a 2495.Ar demand-dial 2496link will be closed when there is less than | 2504seconds. Because both values default to zero, 2505.Ar demand-dial 2506links will simply come up one at a time by default. 2507.Pp 2508If two or more links are open, at least one of which is a 2509.Ar demand-dial 2510link, a 2511.Ar demand-dial 2512link will be closed when there is less than |
2497.Ar minpackets | 2513.Ar min-packets |
2498in the queue for more than | 2514in the queue for more than |
2499.Ar minduration . | 2515.Ar min-duration . |
2500If | 2516If |
2501.Ar minduration | 2517.Ar min-duration |
2502is zero, this timer is disabled. Because both values default to zero, 2503.Ar demand-dial 2504links will stay active until the bundle idle timer expires. 2505.It set ctsrts|crtscts on|off 2506This sets hardware flow control. Hardware flow control is 2507.Ar on 2508by default. 2509.It set deflate Ar out-winsize Op Ar in-winsize --- 26 unchanged lines hidden (view full) --- 2536will talk to the given 2537.Dq value . 2538All serial device names are expected to begin with 2539.Pa /dev/ . 2540If 2541.Dq value 2542does not begin with 2543.Pa /dev/ , | 2518is zero, this timer is disabled. Because both values default to zero, 2519.Ar demand-dial 2520links will stay active until the bundle idle timer expires. 2521.It set ctsrts|crtscts on|off 2522This sets hardware flow control. Hardware flow control is 2523.Ar on 2524by default. 2525.It set deflate Ar out-winsize Op Ar in-winsize --- 26 unchanged lines hidden (view full) --- 2552will talk to the given 2553.Dq value . 2554All serial device names are expected to begin with 2555.Pa /dev/ . 2556If 2557.Dq value 2558does not begin with 2559.Pa /dev/ , |
2544it must either begin with an exclaimation mark | 2560it must either begin with an exclamation mark |
2545.Pq Dq \&! 2546or be of the format 2547.Dq host:port . 2548.Pp | 2561.Pq Dq \&! 2562or be of the format 2563.Dq host:port . 2564.Pp |
2549If it begins with an exclaimation mark, the rest of the device name is | 2565If it begins with an exclamation mark, the rest of the device name is |
2550treated as a program name, and that program is executed when the device 2551is opened. Standard input, output and error are fed back to 2552.Nm 2553and are read and written as if they were a regular device. 2554.Pp 2555If a 2556.Dq host:port 2557pair is given, --- 66 unchanged lines hidden (view full) --- 2624.Sq command parser . 2625This means that in practice you should use two escapes, for example: 2626.Bd -literal -offset indent 2627set dial "... ATDT\\\\T CONNECT" 2628.Ed 2629.Pp 2630It is also possible to execute external commands from the chat script. 2631To do this, the first character of the expect or send string is an | 2566treated as a program name, and that program is executed when the device 2567is opened. Standard input, output and error are fed back to 2568.Nm 2569and are read and written as if they were a regular device. 2570.Pp 2571If a 2572.Dq host:port 2573pair is given, --- 66 unchanged lines hidden (view full) --- 2640.Sq command parser . 2641This means that in practice you should use two escapes, for example: 2642.Bd -literal -offset indent 2643set dial "... ATDT\\\\T CONNECT" 2644.Ed 2645.Pp 2646It is also possible to execute external commands from the chat script. 2647To do this, the first character of the expect or send string is an |
2632exclaimation mark | 2648exclamation mark |
2633.Pq Dq \&! . 2634When the command is executed, standard input and standard output are 2635directed to the modem device (see the 2636.Dq set device 2637command), and standard error is read by 2638.Nm 2639and substituted as the expect or send string. If 2640.Nm --- 63 unchanged lines hidden (view full) --- 2704will send the information to the peer using the LCP endpoint discriminator 2705option. The following discriminators may be set: 2706.Bd -literal -offset indent 2707.It label 2708The current label is used. 2709.It IP 2710Our local IP number is used. As LCP is negotiated prior to IPCP, it is 2711possible that the IPCP layer will subsequently change this value. If | 2649.Pq Dq \&! . 2650When the command is executed, standard input and standard output are 2651directed to the modem device (see the 2652.Dq set device 2653command), and standard error is read by 2654.Nm 2655and substituted as the expect or send string. If 2656.Nm --- 63 unchanged lines hidden (view full) --- 2720will send the information to the peer using the LCP endpoint discriminator 2721option. The following discriminators may be set: 2722.Bd -literal -offset indent 2723.It label 2724The current label is used. 2725.It IP 2726Our local IP number is used. As LCP is negotiated prior to IPCP, it is 2727possible that the IPCP layer will subsequently change this value. If |
2712it does, the endpoint descriminator stays at the old value unless manually | 2728it does, the endpoint discriminator stays at the old value unless manually |
2713reset. 2714.It MAC 2715This is similar to the 2716.Ar IP 2717option above, except that the MAC address associated with the local IP | 2729reset. 2730.It MAC 2731This is similar to the 2732.Ar IP 2733option above, except that the MAC address associated with the local IP |
2718number is used. If the local IP number is not resident on any ethernet | 2734number is used. If the local IP number is not resident on any Ethernet |
2719interface, the command will fail. 2720.Pp 2721As the local IP number defaults to whatever the machine host name is, 2722.Dq set enddisc mac 2723is usually done prior to any 2724.Dq set ifaddr 2725commands. 2726.It magic --- 118 unchanged lines hidden (view full) --- 2845line in the config file. In any other mode, these values are just 2846used for IPCP negotiations, and the interface isn't configured 2847until the IPCP layer is up. 2848.Pp 2849Note that the 2850.Ar HISADDR 2851argument may be overridden by the third field in the 2852.Pa ppp.secret | 2735interface, the command will fail. 2736.Pp 2737As the local IP number defaults to whatever the machine host name is, 2738.Dq set enddisc mac 2739is usually done prior to any 2740.Dq set ifaddr 2741commands. 2742.It magic --- 118 unchanged lines hidden (view full) --- 2861line in the config file. In any other mode, these values are just 2862used for IPCP negotiations, and the interface isn't configured 2863until the IPCP layer is up. 2864.Pp 2865Note that the 2866.Ar HISADDR 2867argument may be overridden by the third field in the 2868.Pa ppp.secret |
2853file once the client has authenticated themself | 2869file once the client has authenticated itself |
2854.Pq if PAP or CHAP are Dq enabled . 2855Refer to the 2856.Em AUTHENTICATING INCOMING CONNECTIONS 2857section for details. 2858.Pp 2859In all cases, if the interface is already configured, 2860.Nm 2861will try to maintain the interface IP numbers so that any existing --- 26 unchanged lines hidden (view full) --- 2888or 2889.Em ECHO LQR 2890packets are sent. The default is 30 seconds. You must also use the 2891.Dq enable lqr 2892command if you wish to send LQR requests to the peer. 2893.It set mode Ar interactive|auto|ddial|background 2894This command allows you to change the 2895.Sq mode | 2870.Pq if PAP or CHAP are Dq enabled . 2871Refer to the 2872.Em AUTHENTICATING INCOMING CONNECTIONS 2873section for details. 2874.Pp 2875In all cases, if the interface is already configured, 2876.Nm 2877will try to maintain the interface IP numbers so that any existing --- 26 unchanged lines hidden (view full) --- 2904or 2905.Em ECHO LQR 2906packets are sent. The default is 30 seconds. You must also use the 2907.Dq enable lqr 2908command if you wish to send LQR requests to the peer. 2909.It set mode Ar interactive|auto|ddial|background 2910This command allows you to change the 2911.Sq mode |
2896of the specified link. This is normally only useful in multilink mode, 2897but may also be used in unilink mode. | 2912of the specified link. This is normally only useful in multi-link mode, 2913but may also be used in uni-link mode. |
2898.Pp 2899It is not possible to change a link that is 2900.Sq direct 2901or 2902.Sq dedicated . 2903.It set mrru Ar value | 2914.Pp 2915It is not possible to change a link that is 2916.Sq direct 2917or 2918.Sq dedicated . 2919.It set mrru Ar value |
2904Setting this option enables Multilink PPP negotiations, also known as 2905Multilink Protocol or MP. There is no default MRRU (Maximum | 2920Setting this option enables Multi-link PPP negotiations, also known as 2921Multi-link Protocol or MP. There is no default MRRU (Maximum |
2906Reconstructed Receive Unit) value. 2907.Em PPP 2908protocol *must* be able to accept packets of at 2909least 1500 octets. 2910.It set mru Ar value 2911The default MRU (Maximum Receive Unit) is 1500. If it is increased, the 2912other side *may* increase its mtu. There is no point in decreasing the 2913MRU to below the default as the --- 85 unchanged lines hidden (view full) --- 2999for incoming command connections. 3000.Pp 3001The word 3002.Ar none 3003instructs 3004.Nm 3005to close any existing socket. 3006.Pp | 2922Reconstructed Receive Unit) value. 2923.Em PPP 2924protocol *must* be able to accept packets of at 2925least 1500 octets. 2926.It set mru Ar value 2927The default MRU (Maximum Receive Unit) is 1500. If it is increased, the 2928other side *may* increase its mtu. There is no point in decreasing the 2929MRU to below the default as the --- 85 unchanged lines hidden (view full) --- 3015for incoming command connections. 3016.Pp 3017The word 3018.Ar none 3019instructs 3020.Nm 3021to close any existing socket. 3022.Pp |
3007If you wish to specify a unix domain socket, | 3023If you wish to specify a local domain socket, |
3008.Ar LocalName 3009must be specified as an absolute file name, otherwise it is assumed 3010to be the name or number of a TCP port. You may specify the octal umask that | 3024.Ar LocalName 3025must be specified as an absolute file name, otherwise it is assumed 3026to be the name or number of a TCP port. You may specify the octal umask that |
3011should be used with unix domain sockets as a four character octal number | 3027should be used with local domain sockets as a four character octal number |
3012beginning with 3013.Sq 0 . 3014Refer to 3015.Xr umask 2 3016for umask details. Refer to 3017.Xr services 5 3018for details of how to translate TCP port names. 3019.Pp 3020You must also specify the password that must be entered by the client 3021(using the 3022.Dq passwd 3023command above) when connecting to this socket. If the password is 3024specified as an empty string, no password is required for connecting clients. 3025.Pp | 3028beginning with 3029.Sq 0 . 3030Refer to 3031.Xr umask 2 3032for umask details. Refer to 3033.Xr services 5 3034for details of how to translate TCP port names. 3035.Pp 3036You must also specify the password that must be entered by the client 3037(using the 3038.Dq passwd 3039command above) when connecting to this socket. If the password is 3040specified as an empty string, no password is required for connecting clients. 3041.Pp |
3026When specifying a unix domain socket, the first | 3042When specifying a local domain socket, the first |
3027.Dq %d 3028sequence found in the socket name will be replaced with the current 3029interface unit number. This is useful when you wish to use the same 3030profile for more than one connection. 3031.Pp 3032In a similar manner TCP sockets may be prefixed with the 3033.Dq + 3034character, in which case the current interface unit number is added to --- 208 unchanged lines hidden (view full) --- 3243.Fl background , 3244.Fl auto 3245and 3246.Fl ddial 3247modes. 3248.It Pa /etc/services 3249Get port number if port number is using service name. 3250.It Pa /var/run/ppp-authname-class-value | 3043.Dq %d 3044sequence found in the socket name will be replaced with the current 3045interface unit number. This is useful when you wish to use the same 3046profile for more than one connection. 3047.Pp 3048In a similar manner TCP sockets may be prefixed with the 3049.Dq + 3050character, in which case the current interface unit number is added to --- 208 unchanged lines hidden (view full) --- 3259.Fl background , 3260.Fl auto 3261and 3262.Fl ddial 3263modes. 3264.It Pa /etc/services 3265Get port number if port number is using service name. 3266.It Pa /var/run/ppp-authname-class-value |
3251In multilink mode, unix domain sockets are created using the peer | 3267In multi-link mode, local domain sockets are created using the peer |
3252authentication name 3253.Pq Sq authname , 3254the peer endpoint discriminator class 3255.Pq Sq class 3256and the peer endpoint discriminator value 3257.Pq Sq value . 3258As the endpoint discriminator value may be a binary value, it is turned 3259to HEX to determine the actual file name. --- 34 unchanged lines hidden (view full) --- 3294This program was originally written by Toshiharu OHNO (tony-o@iij.ad.jp), 3295and was submitted to FreeBSD-2.0.5 by Atsushi Murai (amurai@spec.co.jp). 3296.Pp 3297It was substantially modified during 1997 by Brian Somers 3298(brian@Awfulhak.org), and was ported to OpenBSD in November that year 3299(just after the 2.2 release). 3300.Pp 3301Most of the code was rewritten by Brian Somers in early 1998 when | 3268authentication name 3269.Pq Sq authname , 3270the peer endpoint discriminator class 3271.Pq Sq class 3272and the peer endpoint discriminator value 3273.Pq Sq value . 3274As the endpoint discriminator value may be a binary value, it is turned 3275to HEX to determine the actual file name. --- 34 unchanged lines hidden (view full) --- 3310This program was originally written by Toshiharu OHNO (tony-o@iij.ad.jp), 3311and was submitted to FreeBSD-2.0.5 by Atsushi Murai (amurai@spec.co.jp). 3312.Pp 3313It was substantially modified during 1997 by Brian Somers 3314(brian@Awfulhak.org), and was ported to OpenBSD in November that year 3315(just after the 2.2 release). 3316.Pp 3317Most of the code was rewritten by Brian Somers in early 1998 when |
3302multilink ppp support was added. | 3318multi-link ppp support was added. |
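Review bot: In the quit entry just above the first multilink hunk, new lines 2439-2440 still read ".Ar" on its own line followed by "all argument is given,". A bare .Ar renders as "file ..." in mdoc, so the page prints "file ... all argument is given". Since this is a wording pass over the same context, move the word onto the macro line: ".Ar all" followed by "argument is given,".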
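Review bot: In the set autoload entry the renamed synopsis declares "max-duration max-load [min-duration min-load]", but the close condition at new line 2513 refers to "min-packets", an argument the synopsis never names. The rename was the chance to make them agree: use ".Ar min-load" in the body (or rename the synopsis argument), and reword the sentence to "fewer than min-load packets in the queue" so it matches the max-load wording at 2501-2502.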
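Review bot: In the set enddisc hunk the spelling fix at new line 2728 sits inside a list that is opened with ".Bd -literal -offset indent" (2722) and then uses ".It label", ".It IP" and ".It MAC". .It is only valid inside a .Bl list, and a literal display will not format the tags. Change the opener to a tagged list, for example ".Bl -tag -width 20" as the set list at 2469 does, and check that the block is closed with .El rather than .Ed.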
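Review bot: In the set mrru entry (new lines 2920-2921) the hyphenation has been applied to the protocol's own name, giving "Multi-link PPP" and "Multi-link Protocol or MP". RFC 1990 names it the PPP Multilink Protocol, so keep the one-word spelling where the text is naming the protocol and hyphenate only the descriptive uses such as "multi-link mode" and "uni-link mode" at 2912-2913.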
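Review bot: The unix-to-local rename in the set server entry (new lines 3023, 3027, 3042) rewords the paragraph that documents the command socket's access controls without stating how they interact. The text says the umask applies to local domain sockets and, at 3039-3040, that an empty password means "no password is required for connecting clients". Add a sentence saying that with an empty password the socket file's permissions are the only restriction on who can reach the full command set, and that a TCP port has no such file permission, so a non-empty password should be set there. Keeping one parenthetical "(unix domain)" on first mention would also let readers who search for the older term find this paragraph.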